(54) Title: METHOD AND SYSTEM FOR SECURE INFORMATION HANDLING 
(57) Abstract 



Information that must remain secure is often stored 
on untrusted storage devices. To increase security, this 
information is encrypted by an encryption value prior to 
storing on the untrusted storage device. The encryption 
value itself is then encrypted. The encryption value is 
decrypted by correctly solving an access formula describing 
a function of groups. Each group includes a list of at 
least one consumer client. A requesting consumer client is 
granted access to the information if the requesting consumer 
client is a member of at least one group which correctly 
solves the access formula. 
WHAT IS CLAIMED IS: 

1. A method for the secure handling of information encrypted to a 
data set, the information requested by a requesting consumer client, the data set stored on 
at least one storage device, the method comprising decrypting a value required to decrypt 
the information, the value decrypted by correctly solving an access formula describing a 
function of groups, each group comprising a list of at least one client, wherein the 
requesting consumer client is granted access to the information if the requesting 
consumer client is a member of at least one group which correctly solves the access 
formula. 

2. A method for the secure handling of information as in claim 1 
wherein the encrypted value and the access formula are stored as metadata in the data set. 

3. A method for the secure handling of information by at least one 
client using at least one untrusted storage device, each client connected to the at least one 
untrusted storage device using a network, the network further having a key manager for 
issuing private key and public key matched pairs for use with an asymmetric encryption 
and decryption scheme, the scheme allowing a file encrypted with a public key to be 
decrypted only with a matched private key, the method comprising: 

creating at least one group, each group comprising a list of at least one 
consumer client; 

acquiring a public key and a matched private key for each of the at least 
one group; 

encrypting an information set to produce a data set, the encryption based 
on a randomly generated number; 

determining an access formula expressing logical combination of the at 
least one group for which access to the information set will be granted, solution of the 
access formula by at least one solution group indicating that a consumer client belonging 
to the at least one solution group may access the encrypted information set; 

asymmetrically encrypting the randomly generated number using the 
determined access formula and the public key for each of the at least one group granted 
access to the information set; 

adding the encrypted randomly generated number to the data set; and 

storing the data set on at least one untrusted storage device. 
4. A method for the secure handling of information as in claim 3 
wherein a consumer client having a public key and a matched private key requests access 
to information encrypted in the stored data set, the method further comprising: 

receiving a request from the consumer client; 

determining if the consumer client belongs to at least one solution group 
which solves the access formula and, if not, denying access; 

otherwise, decrypting the randomly generated number using the private 
key for the at least one determined solution group; and 

encrypting the randomly generated number using the public key for the 
consumer client thereby permitting access to the encrypted information set by the 
consumer client. 



5. A method for the secure handling of information as in claim 4 
further comprising recording all attempts to access the information set in an audit trail, 
the audit trail including an indication of the consumer client requesting access. 

6. A method for the secure handling of information as in claim 3 
wherein a plurality of groups form a solution to the access formula, asymmetrically 
encrypting the randomly generated number creating an encrypted partial key for each 
group in the plurality of groups, each partial key encrypted using the public key for one 
group in the plurality of groups, each partial key required to decrypt the encrypted 
randomly generated number, the method further comprising: 

for each group in the plurality of groups, decrypting the encrypted partial 
key using the private key for the group; 

for each group in the plurality of groups, reencrypting the decrypted 
partial key using the public key for a requesting client; 

decrypting each reencrypted partial key using the private key of the 
requesting client; 

determining the randomly generated number based on each partial key; and 

decrypting the information set using the determined randomly generated 
number. 

7. A method for the secure handling of information as in claim 3 
wherein the access formula is a boolean combination of groups, a group asserting true in 
the boolean combination when a consumer client member of the group requests access to 
the information set protected by the access formula, the consumer client group member 
granted access if the access formula resultant is true. 
8. A method for the secure handling of information as in claim 3 
further comprising: 

determining that an information set destined for storage on at least one 
untrusted storage device is encrypted; and 

prohibiting storage on the at least one untrusted storage device if the 
information set is determined not to be encrypted. 

9. A system for the secure handling of information stored on at least 
one untrusted storage device connected to a network comprising: 

a key manager connected to the network, the key manager operable to 
generate private key and public key matched pairs for use with an asymmetric encryption 
and decryption scheme, the scheme allowing a file encrypted with a public key to be 
decrypted only with a matched private key; 

at least one group server connected to the network, each group server 
operable to 

(a) maintain at least one group, each group comprising a list of client 
members allowed access to information produced by any client member of the 
group, and 

(b) obtain a private key and matched public key for each group; and 

at least one producer client connected to the network, the producer client 
operative to 

(a) encrypt an information set to produce a data set, the encryption based 
on an encryption value, 

(b) determine an access formula expressing logical combination of the at 
least one group for which access to the information set will be granted, solution 
of the access formula by at least one solution group indicating that a client 
belonging to the at least one solution group may access the encrypted 
information set, 

(c) asymmetrically encrypt the encryption value using the determined access 
formula and the public key for each of the at least one group for which access to 
the information set may be granted, 

(d) add the encrypted encryption value and the access formula to the data 
set, and 

(e) store the data set on at least one untrusted storage device. 
10. A system for the secure handling of information as in claim 9 
wherein the encryption value comprises a randomly generated number. 

11. A system for the secure handling of information as in claim 9 
wherein the access formula is a boolean combination of groups, a group asserting true in 
the boolean combination when a client member of the group requests access to the 
information set protected by the access formula, the client member granted access if the 
access formula resultant is true. 

12. A system for the secure handling of information as in claim 9 
wherein the producer client is further operable to 

determine that an information set destined for storage on at least one 
untrusted storage device is encrypted; and 

prohibit storage on the at least one untrusted storage device if the 
information set is determined not to be encrypted. 

13. A system for the secure handling of information as in claim 9 
further comprising at least one consumer client connected to the network, each consumer 
client operative to 

obtain a private key and a matched public key; 

determine that an accessed data set has encrypted information; 

determine at least one group server maintaining at least one group from the 
access formula logical combination, the at least one group forming a solution to the 
access formula; 

send a request to access the encrypted information set to each of the at 
least one determined group server; 

if access is granted from each of the determined at least one group server, 
decrypt the encryption value using the obtained private key; and 

decrypt the encrypted information set using the decrypted encryption 
value. 

14. A system for the secure handling of information as in claim 13 
wherein the at least one group is a plurality of groups and wherein the producer client 
asymmetrically encrypts the encryption value to produce a partial key for each group in 
each set of groups forming a solution to the access formula, the consumer client further 
operative to decrypt the encryption value by decrypting each partial key and to determine 
the encryption value based on each decrypted partial key. 
15. A system for the secure handling of information as in claim 13 
wherein each group server is further operable to 

receive a request from a requesting consumer client; 
determine if the requesting consumer client belongs to at least one solution 
group which solves the access formula and, if not, deny access; 

otherwise, decrypt the encryption value using the private key for the at 
least one determined solution group; and 

encrypt the encryption value using the public key for the requesting 
consumer client thereby permitting access to the encrypted information set by the 
consumer client. 

16. A system for the secure handling of information as in claim 13 
wherein each group server is further operable to record all attempts to access each 
information set in an audit trail, the audit trail including an indication of the consumer 
client requesting access. 

17. A system for the secure handling of information as in claim 13 
wherein each group server is further operable to permit additions, deletions, and changes 
to each group list of client members. 
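The following is an added example, not text or code from the patent: a Python model of the producer and consumer method of claims 3, 4 and 6 together with the group server behaviour of claims 13 through 16, as one might prototype it to study the access structure. It assumes a toy textbook RSA in place of the key manager's asymmetric scheme, a 24-bit random number, an access formula written as a list of solution sets (an OR of ANDs over group names), and XOR splitting to form the per-group partial keys, since the claims do not say how partial keys are constructed.

```python
import hashlib, secrets
from functools import reduce

# Toy textbook RSA on small trial-division primes stands in for the key manager's scheme. It is
# NOT secure; it only models "public key encrypts, matched private key decrypts" offline.
PRIMES = [p for p in range(60000, 70000) if all(p % d for d in range(2, int(p ** 0.5) + 1))]

def issue_keypair():                     # returns ((n, e) public, (n, d) private)
    p, q = secrets.SystemRandom().sample(PRIMES, 2)
    n, e = p * q, 65537                  # e is prime and p - 1 < 2e, so gcd(e, (p-1)(q-1)) == 1
    return (n, e), (n, pow(e, -1, (p - 1) * (q - 1)))

asym = lambda key, m: pow(m, key[1], key[0])     # encrypt (public half) or decrypt (private half)
xor_all = lambda values: reduce(lambda a, b: a ^ b, values)

def stream(key, data):                   # symmetric layer keyed by the 24-bit random number
    ks = b"".join(hashlib.sha256(key.to_bytes(3, "big") + i.to_bytes(4, "big")).digest()
                  for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

class GroupServer:
    """Group lists plus group key pairs; answers consumer requests and keeps the audit trail."""
    def __init__(self, groups):          # groups: {group name: set of member client names}
        self.groups, self.keys, self.audit = groups, {g: issue_keypair() for g in groups}, []
    def request(self, client, group, enc_partial, client_pub):
        ok = client in self.groups[group]
        self.audit.append((client, group, ok))             # every attempt is recorded
        if not ok:
            return None
        partial = asym(self.keys[group][1], enc_partial)   # decrypt with the group private key
        return asym(client_pub, partial)                   # re-encrypt for the requesting client

def produce(info, formula, gs):
    """formula = list of solution sets (OR of ANDs over group names); the random number is
    XOR-split into one partial key per group of each solution set (assumed construction)."""
    k = secrets.randbits(24)
    partials = []
    for solution in formula:
        shares = [secrets.randbits(24) for _ in solution[:-1]]
        shares.append(xor_all(shares + [k]))               # last share makes the XOR equal k
        partials.append({g: asym(gs.keys[g][0], s) for g, s in zip(solution, shares)})
    return {"data": stream(k, info), "formula": formula, "partials": partials}

def consume(client, keypair, dataset, gs):
    """Tries each solution set; access requires every group in it to grant the request."""
    pub, priv = keypair
    for solution, enc in zip(dataset["formula"], dataset["partials"]):
        replies = [gs.request(client, g, enc[g], pub) for g in solution]
        if all(r is not None for r in replies):
            return stream(xor_all([asym(priv, r) for r in replies]), dataset["data"])
    return None                                            # client is in no solution set
```

With the constructed formula (finance AND legal) OR admins, a client in both finance and legal recovers the plaintext, a client in legal alone receives None, and every request, granted or denied, appears in `gs.audit`.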